Adding SPDX support to E2E verifiers #105
sajayantony
started this conversation in
Ideas
Replies: 2 comments
-
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I've implemented a POC verifier here that parses an SPDX file and validates the licenses: https://github.com/etrexel/spdx-verifier-go. It still needs a little work to the license filtering to conform to the SPDX spec, but gives a basic idea of how this could work. I will start wrapping it in the Ratify verifier skeleton so that I can test it in the framework. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We have been discussing adding SPDX to the verifier chain for sometime now.
Thanks to @rnjudge for pointing me to @developer-guy's change - open-policy-agent/conftest#636
@etrexel you had evaluated an option for SPDX before. Do you think this would make things easier?
Beta Was this translation helpful? Give feedback.
All reactions